A look at how security through obscurity (hiding files) is doomed to fail in Mac OS X, plus a look at some easy ways to truly secure files on your Mac.

The reliance on the secrecy of the design or implementation as the main method of providing security for a system or component of a system.

It's generally accepted that a security by obscurity model is not adequate, but let's take a quick look at how this approach is often implemented (and how it fails) on Macs.

Misleading Names

Often the first approach to hiding something is to give it a misleading name – a kind of "hide in plain sight" approach. It's kind of like taking the dust jacket from War & Peace, putting it on your diary, and then leaving the diary out in the open on your bookshelf.

The problem here is that Mac OS X is so good at indexing and searching not just file names but all text in a file. Imagine you are documenting your struggles with an evil stepmother and want to hide this journal from her. Even if you change the name of the file to something misleading, like "Boring Work Stuff", a search for the word stepmother will still find the document.

Weird Places

Another approach is to take the files you want to hide and put them someplace strange – some folder somewhere where you would not expect anyone to look. It's like taking the diary from the example above and hiding it some place you think (hope!) nobody would ever look.

This would, in most cases, prevent someone from stumbling across the files, but they would still be immediately revealed in a search as described above.

Hidden Folders

This starts to get more advanced and a little more effective as well. There are a lot of files and folders in Mac OS X that are generally not visible to the user. This is because Mac OS X, by default, hides any folder that starts with a dot (period). Better yet any file that is placed in a hidden folder inherits that "hide" attribute – it becomes invisible, and will not appear in search results.

Sounds easy. The trick is that, by default, Mac OS X won't let you put a dot at the start of a file name. You'll get an error message like this:

You can force the dot by renaming the file/folder in terminal, but it's generally easier to just show all of the existing hidden files on Mac OS X. Just follow those steps – once you can see the existing hidden folders you can also create new ones by pre-pending the dot. If you try it now you'll get a caution that looks like this rather than an error.

You can use this trick to create a hidden folder, and any files you put into it will also be hidden.

As far as security by obscurity goes... this is about as good as it gets. The files won't be visible by default, and they won't show up in a search. But there are drawbacks...

You will have to show hidden files on your Mac whenever you want to see the files.

Anybody else can show hidden files and see them.

The first part is just inconvenient for you (not everyone will relish the prospect of showing/hiding hidden files) but the second part is more serious. Go back to the diary example for a second – we're hiding it in a better place, but we're still just hiding it. If anyone finds it they get all the information.

Encryption

The only real security is to encrypt the data. This is like writing the diary in an unbreakable code that only you can read. Even if it gets found you have nothing to worry about because nobody will understand it.

If the information is sensitive enough that you are considering an ineffective security through obscurity approach it's worth securing the right way. Encryption is the only true security and Hider 2 makes it easy.